Globalization glued world economies together, allowing retail and institutional value to flow across borders. However, regulators and governments maintain checks to prevent uncontrolled fund flows in and out of their jurisdictions in ways that can damage their financial systems. The red tape associated with international transacting and investing is essential to why cryptocurrency usage witnesses growing adoption.
The peer-to-peer transaction capability of crypto assets proved a promising application for those wanting to move value beyond jurisdictions in simple and inexpensive ways. Their decentralization enables a borderless existence in cyberspace and connects individuals worldwide financially. However, the openness of an ungoverned borderless system turned out to cause several risks, like facilitating easy laundering for criminal enterprises, stability risks for financial systems, and safety risks for investors and holders.
No wonder regulators intervene to safeguard their economies and citizens from the destructive aspects of the unregulated crypto ecosystem. With that, many jurisdictions are implementing regulatory frameworks tailored to cryptocurrency, with many more jurisdictions designing their own as per global trends to regulate the borderless asset class in collaboration with other regulators.
While regulations focused on the centralized aspects of the crypto ecosystem, like centralized exchanges and custodians called CASPs (Crypto Asset Service Providers), lawmakers are now looking at DeFi, which comprises decentralized protocols. Of course, directly regulating applications launched and operated in no specific jurisdiction is fruitless.
How Macroeconomics Are Changing the Operationality of Crypto Enterprises
Regulators understand the challenges of regulating crypto and are in the process of implementing controls on CASPs that act as on- and off-ramps to the DeFi realm. Illicit funds from questionable wallets are traceable to user accounts on CASPs thanks to KYC and AML mandates, helping reduce the criminal laundering of funds through digital assets. Recent regulations address risks compounded by decentralized use cases through centralized chokepoints.
Beyond AML implementations, regulators want to oversee crypto assets from a macroeconomic perspective rather than treating them as a fringe, siloed ecosystem. Since they offer capabilities for users to move their value outside their jurisdictions effortlessly, regulations will address imposing capital controls at the CASP level, limiting the easy conversion of cryptocurrencies into fiat. Such efforts need international collaborations to prevent cryptocurrency transactions from causing financial instability domestically and internationally.
Regulations for Crypto Asset Service Providers (CASPs) must balance innovation and law enforcement to avoid discouraging participation and stagnation in the crypto industry. Preserving crypto asset accessibility is crucial, as they can help address global “unbanked” and “underbanked” populations effectively.
Crypto Asset Service Providers (CASPs) must comply with global regulations to advance the crypto industry, prevent illegal activities, and maintain market integrity and stability, aligning them with traditional financial institutions.
Regulations Come as the Bear Market is Proving to Wreak Havoc on Crypto Enterprises
The global coordination in the development of crypto regulations is no coincidence. The 2022 crypto bear market left massive tremors throughout the ecosystem causing many projects to go under and many investors to lose the value they held in the digital assets. Simultaneously, criminal activity in the ecosystem shot up tremendously, reaching all-time highs. Crypto-related crime is not slowing down either, with 2023 reporting similar trends as the previous year.
Since trading volumes are down and retail users are not as indulgent in the crypto markets as they were during the bear run, cybercriminals are setting their sights on enterprises holding and interacting with large amounts of assets. While they are always targets, bear markets push bad actors to focus harder on them.
To that tune, enterprises throughout the ecosystem are witnessing various parts of their infrastructures besieged. Hackers are flocking to extract as much value from enterprise hot wallets, often considered the most vulnerable point in their storage infrastructures. Cold wallets are not left alone either – cybercriminals are turning to phishing attempts to wrench out private key details and other sensitive information from enterprise CXOs and employees. The ever-evolving economic conditions bearing a direct impact on everyone’s lives combined with human greed can turn employees rogue, resulting in stolen funds and compromised systems, from within the enterprises.
Regulators everywhere are scrambling to weave frameworks that enforce CASPs to implement best practices to prevent them from bleeding funds like they are because of criminal activity. Here are instances of the biggest hacks aimed at CASPs this year.
|The DeFi protocol witnessed a $200 million hack as a hacker exploited the platform through flash loan attacks. They then routed the funds through the Tornado Cash mixer to cover their tracks and confuse investigators and authorities. However, in a turn of events, the hacker returned all the stolen funds to the protocol’s management.
|One of Singapore’s biggest centralized exchanges, Bitrue, suffered a $23 million hack, with the exploit of its hot wallets causing the loss of the funds. The platform implemented stopgaps immediately to prevent losing more funds, but damage occurred. Nevertheless, the platform has promised to reimburse users who lost their funds to the exploit.
|Another DeFi protocol, Deus Finance, experienced a $6 million exploit when hackers used bots to manipulate error-laden smart contracts deployed on BNB Smart Chain and Arbitrum. The stolen funds comprised DEI – the protocol’s native stablecoin. The attack followed a flash loan exploit that targeted the protocol in 2022, leading cybercriminals to walk away with $3 million in the more known DAI stablecoin and Ether.
|Some Trust Wallet users fell victim to a nefarious phishing attack when individuals set up meetings with users in the guise of investors. They convinced the victims to download malware containing PDFs fronted as NDAs to deals, which infected user devices and retrieved wallet private keys for the hackers to use. The attackers used this social engineering scheme to draw close to $4 million from unsuspecting Trust Wallet users.
|Hackers got into KuCoin’s official Twitter (or X) handle and staged a giveaway to users willing to send cryptocurrency to a wallet address. Perceiving the situation as a promotional event, gullible users sent their cryptocurrency to the scammer’s wallet, never to see their funds or any giveaways. The amount stolen was comparatively small, amounting to $22,000, but depicts the creative methods cybercriminals take to capitalize.
Regulatory Standardization of Enterprise Operations Is Coming Soon
Despite the risks associated with crypto assets and the grim image often portrayed about the asset class, jurisdictions now understand their importance in offering innovation to financial systems. The lack of regulatory oversight over the industry made indulging in the assets risky until now. Here is how regulatory developments make it safer and offer clarity to enterprises providing services and issuing tokens.
The EU’s MiCA Regulations
- MiCA (Markets in Crypto Assets Regulations) addresses crypto industry needs in the EU, focusing on financial stability and user protection.
- Regulations encompass all CASPs in the region, requiring investor safeguarding, stringent checks, and regulatory standards adherence for licenses.
- CASPs must have competent governing members with no criminal records, identify conflicts of interest, and establish user complaint resolution mechanisms.
- Capital requirements and asset preservation are mandated to prevent bank-run-like scenarios.
- MiCA defines three crypto asset types: utility tokens, asset-referenced tokens (ARTs), and e-money tokens.
- NCAs of EU member states oversee CASPs and token issuers under MiCA regulations.
- Projects outside MiCA must publish whitepapers and inform NCAs before token offerings, with marketing restrictions.
- MiCA provides a 14-day withdrawal right for token buyers to combat pump-and-dump schemes.
Regulatory Progress in The United States
- US SEC is regulating the crypto industry, targeting unregistered securities offerings by exchanges like Coinbase and Binance.
- This strict approach may stifle innovation as the SEC considers most crypto assets as securities.
- CASPs in the US are regulated as money service businesses by FinCEN and must comply with AML and OFAC regulations.
- State-level regulations, such as New York’s BitLicense and Texas’ infosec audit requirements, also apply to CASPs.
- The White House is working on a bipartisan bill to comprehensively regulate the crypto industry, similar to the EU’s MiCA regulations.
- Various US regulators, including the SEC and CFTC, will oversee crypto asset issuance and service provision.
- FinCEN will continue to regulate CASPs, and stablecoins will also fall under its oversight.
- US legislators are pushing for stablecoin issuers to follow banking institution standards and maintain transparency about their reserves with regulators.
The Indonesian Regulatory Scene
- The Indonesian Commodity Futures Trading Regulatory Agency (Bappebti) currently regulates the crypto industry in Indonesia.
- Bappebti has established its own crypto exchange, clearing house, and asset storage manager to ensure the safety of Indonesian users.
- This move by the regulator sets a precedent for other independent CASPs (crypto asset service providers) in the jurisdiction.
- Digital assets on distributed ledger technology (DLT) are considered commodities, and CASPs are categorized based on the services they offer.
- CASPs must undergo stringent licensing checks, including requirements for paid-up capital, competent governing members, AML enforcement, and infosec safety measures.
- Crypto asset oversight in Indonesia will transition from Bappebti to the Indonesian Financial Supervisory Authority (OJK) by January 2025.
- There are currently no specific directives for token issuers, including stablecoin providers, but regulations are expected to be introduced in the future.
Australian Regulatory Evolution
- The ASIC (Australian Securities and Investments Commission) is preparing to introduce crypto asset regulations in Australia.
- The Australian government released a consultation paper in February 2023, covering various aspects of the crypto industry.
- CASPs (crypto asset service providers) will be required to obtain an Australian Financial Service (AFS) license for services such as token issuance, asset advising or trading, mining, operating exchanges, and more.
- Each type of service will be subject to specific laws, such as securities laws for listing security tokens on exchange platforms.
- CASPs and token issuers must adhere to transparency requirements and avoid misrepresentations, which are legally punishable under Australian law.
- Organizations must also comply with common regulatory mandates, including AML screening, robust infosec measures, and capital requirements.
- The ASIC collaborates with agencies like the ACCC (Australian Competition and Consumer Commission) to prevent false representation and deceptive marketing of crypto assets and related services.
Progression of Regulatory Bodies Towards Building a Standardized Framework
Regulatory bodies across the world are recognising the importance of standardization. They are actively collaborating with each other to harmonize regulations and create a unified approach to financial oversight.
A standardized regulatory framework offers several benefits to the financial industry and the global economy. It reduces compliance costs for financial institutions, enhances transparency, and fosters healthy competition. Moreover, it provides a greater degree of protection for consumers and investors, instilling confidence in the financial system.
A Look Into How Liminal’s Enterprise Solution Resolves the Regulation Fright
Liminal’s asset storage infrastructure offers CASPs the most secure way to store and transfer assets with multisig and MPC-configured hot, warm, and cold wallets. The wallet infrastructure comes programmed with a policy engine, predetermining the asset amounts and the frequency with which they get transacted from cold storage to withdrawal hot wallets, and the whitelisting feature allows transacting with approved wallet addresses only. The parameters are set and changed by enterprise decision-makers through voting ceremonies. These facets help CASPs achieve storage and transactional security, preventing mishaps and intentional transaction manipulation from within and outside enterprises.
Liminal also employs blanket regulatory checks, including AML, KYC, and CDD requirements, insurance coverage for assets in storage, transaction monitoring, travel rule compliance, and certified infosec architecture. CASPs utilizing Liminal’s solutions can thus easily attain the standards set by their respective regulators and stay compliant during their operations.
Furthermore, the Liminal infrastructure operates algorithmically, automating fund transfers from storage points to withdrawal points, removing the need for employees who may go rogue and compromise enterprise operations, ushering convenience and additional security simultaneously.The Liminal infrastructure possesses several more features that make your asset storage process compliant, secure, and convenient. Check us out here!